9
Technology Governance Board Annual Report Page
State of Iowa
Technology Governance Board
Mollie Anderson, Department of Administrative Services, Chair
Michael Tramontina, Department of Management
Nancy Richardson, Department of Transportation
Jan Clausen, Department of Human Services
LeLoie Dutemple, Iowa Workforce Development
Tom Gronstal, Commerce Department
Mark Schuling, Department of Revenue
Karen Misjak, Iowa College Student Aid Commission
Sandra Cowie, Principal Financial, Public Member
This report was produced in compliance with Iowa Code §8A.204(3a) to be submitted to the Governor, the Department of Management, and the General Assembly by January 8, 2007. Copies of this publication have been filed in compliance with Iowa Code §§ 8A.202(e) and 305.10.
This report is available at the Iowa Publications Online website at http://publications.iowa.gov/ and is filed under the Department of Administrative Services.
© Copyright Iowa Technology Governance Board (TGB), January 2007.
9
Technology Governance Board Annual Report Page
Iowa Technology Governance Board
Annual Report
Table of Contents
Page
Acknowledgements 1
Foreword 2
Executive Summary 3
Technology Governance Board Vision 3
Technology Governance Board Mission 3
Technology Governance Board Activities and Initiatives 3
RFP Reviews 3
Approval of IOWAccess Convenience Fees 4
Service-Oriented Architecture (SOA) 5
Information Technology Standards 6
Information Technology Security 6
State of Iowa Information Technology Spending 7
State of Iowa Information Technology Savings 10
Appendix A. Technology Governance Board Membership, Duties, and Responsibilities 12
Appendix B. TGB Annual Report Terminology 13
Appendix C. Agencies Participating in the Survey of Information Technology Costs 14
Appendix D. Information Technology Personnel Spending 15
Appendix E. Technology Equipment and Services Spending 22
Appendix F. Recap of Fiscal Year 2005, 2006, and 2007 Savings 24
9
Technology Governance Board Annual Report Page
Acknowledgements
The Technology Governance Board (TGB) would once again like to express our appreciation to the Chief Information Officers of the state agencies for their considerable efforts in assembling, proofing, and editing the large volume of data required to compile this report.
In addition, we would like to acknowledge the ongoing contributions of John Gillispie, Chief Operating Officer of the Department of Administrative Services - Information Technology Enterprise for his leadership and guidance in the development and operation of the Technology Governance Board.
Finally, we would like to recognize Wes Hunsberger and Tom Shepherd for their operational and technical support of the Technology Governance Board and for producing and distributing this publication. Please direct any questions about this 2006 Technology Governance Board Annual Report to Wes Hunsberger at or (515) 281-6993.
9
Technology Governance Board Annual Report Page
Foreword
Technology is an integral part of our business and personal lives, affecting virtually everything we do and experience in some form or fashion. This pervasive use of technology has created a critical dependency on information technology (IT) that calls for a specific focus on IT governance. IT governance consists of the leadership, organizational structures, processes, and relational mechanisms that ensure state government’s IT sustains and extends government’s strategies and objectives.
On the day this report is filed, the Technology Governance Board (TGB) will have been in operation for just over eighteen months. In that time, the TGB members have met a number of challenges in dealing with the complexity and diversity of the executive branch and its demanding technology requirements. In addition to those challenges, the board also believes they have begun to reap the benefits of effective and collaborative information technology governance. At their recent strategic planning session, the TGB laid out the priorities for continuing this work in the coming months.
The TGB provides an information technology governance structure in which all stakeholders, including the information technology professionals, internal customers and related areas such as finance and policymakers have input into key technology investment and strategic decisions. This prevents a single stakeholder from shouldering a disproportionate responsibility for the complex technological issues facing the institutions of government and encourages all stakeholders to participate in the success of the enterprise.
To that end, the TGB oversees the investment and performance of information solutions across executive branch agencies and advises and counsels the Governor on the development, operation, and management of the State’s IT investments, resources, and systems.
Signed,
Mollie Anderson
Chair
Iowa Technology Governance Board
Hoover State Office Building – Third Floor
Des Moines, IA 50319
Executive Summary
In discharging its statutory duties, the TGB supports activities and initiatives aimed at identifying a comprehensive set of information technology standards, services, interfaces, supporting data formats, protocols, and products. In this endeavor, the TGB is taking a holistic approach, looking at state government information systems as a combination of functional users, information technology personnel, business processes and procedures, application software, documentation, commercial off-the-shelf software, computer hardware, networking, and other information technology resources.
In December 2006, the TGB developed a strategic plan containing a vision, mission, goals, and strategies leading to an information technology infrastructure and policies that will enhance and unify the technology infrastructure to support business operations in an electronic government, consistent with the vision of providing sustained support for “extraordinary customer service”.
Technology Governance Board Vision
Technology: supporting extraordinary customer service.
Technology Governance Board Mission
The Technology Governance Board maximizes the value of executive branch information technology for Iowa’s citizens by:
· Promoting technology-based innovation.
· Promoting excellence in all aspects of the information technology in state government.
· Reducing duplication of services.
· Supporting high-quality standards-based information technology services.
· Tracking and reporting information technology expenditures.
Technology Governance Board Activities and Initiatives
RFP Reviews
The TGB reviews all information technology (IT) requests for proposals (RFP) from participating agencies prior to issuance for all IT hardware, software development projects, IT services, and IT outsourcing in excess of either $50,000 or 750 staff hours. The TGB may approve the issuance of the RFP, defer action on the RFP until additional information is submitted, or disapprove the issuance of the RFP. Participating agencies cannot issue an RFP exceeding either the cost or staff hour threshold without TGB permission. In the past year, over two dozen RFPs have been reviewed.
This RFP review process seeks to ensure the IT goods or services being procured do not duplicate existing services and are compliant with the established enterprise IT standards and architecture. The review also enables the TGB to foster collaboration and cooperation between agencies for IT equipment and software purchases and application development. The TGB enlists the technical assistance of the Joint Council of Chief Information Officers (JCIO) to identify similar applications and equipment within the enterprise. The JCIO review process has identified alternatives for several RFPs, ranging from a state agency performing the work (thus eliminating the need for the RFP) to TGB representatives being included in the RFP development process.
For all RFPs coming before the TGB, a summary (or concept paper) describing the RFP must be submitted by the issuing agency. The concept paper is reviewed by the JCIO, looking for duplication within the enterprise and assessing whether an existing application can be adapted for the agency’s use. The JCIO recommendation is then forwarded to the TGB for action.
RFP Review – Future Direction
As the RFP review process has developed, it has become apparent that an awareness of sole source procurement documents would be helpful. This knowledge will help the TGB to further develop and promote partnerships between agencies on similar projects and lead to greater cost savings. Consequently, the TGB has recently decided to begin reviewing sole source procurements for IT purchases over $50,000 in value. Sole source procurements are defined as “a purchase of a good or service in which the department or agency selects a vendor without engaging in a competitive selection process.”
This review will include only sole source procurements for new IT hardware and software. It will not include upgrades to existing hardware or software, expansions or replacements for existing IT hardware or software, or annual maintenance fees. An upgrade is defined as “additional hardware or software enhancements, extensions, features, options, or devices to support, enhance, or extend the life or increase the usefulness of previously procured information technology devices.”
In addition, RFP concept papers will be reviewed to more readily identify possible components for the service-oriented architecture (SOA) and other IT research projects. To facilitate the review process, those themes and initiatives deemed by the TGB to be important for the enterprise will be identified in the new version of the RFP concept paper.
Approval of IOWAccess Convenience Fees
The TGB is required by the Code of Iowa section 8A.204-3(3f) to approve rates for electronic access to value-added State services from recommendations provided by the IOWAccess Advisory Council. Specifically, the Code of Iowa states:
“Review the recommendations of the IowAccess Advisory Council regarding rates to be charged for access to and for value-added services performed through IowAccess, pursuant to section 8A.221. The board shall report the establishment of a new rate of change in the level of an existing rate to the department, which shall notify the department of management and the legislative services agency regarding the rate establishment or change.”
Since the board was formed in July of 2005, the TGB has discussed and approved the following rates:
· Public Safety – A $10 fee for Iowa criminal history record checks with Internet credit card use.
· Public Health – A $3 fee for licensing public health officials with Internet credit card use.
· Iowa Workforce Development – A $4.30 to $18.75 fee range for elevator permitting with Internet credit card use. The fee amount is based on the dollar amount of the permit being issued.
Upon approval by the TGB, both the Department of Management and Legislative Services Agency were notified of the new rates. Agencies implementing the convenience fees understand the rates will be reviewed periodically and adjusted, if necessary.
Service-Oriented Architecture (SOA)
Architecture, in this context, reflects a software design and infrastructure that supports specific functional and operational requirements for the management and processing of data within state government. SOA is centered on common units of work that can be shared by many programs. For example, an airline may provide its flight schedules to many travel sites via a single service. That travel site can, in turn, get flight schedules from many airlines. A software application can be assembled from services, or services can be “exposed” from existing programs.
The SOA Research Project
Late in 2005, the TGB agreed that it needed a “yardstick” for assessing the technology spending under its purview. SOA was chosen as the yardstick because of its potential for strategic impact on state government, as well as its real-world applicability.
To achieve the goal of defining and applying such a standard within state government, the TGB sponsored an Executive Branch SOA project and issued an RFP for a vendor to provide educational and organizational services to the internal SOA Technical Committee. From early April 2006 through the end of July 2006, a SOA Technical Committee guided the delivery of training, best practices, and planning from the selected vendor. The project was completed in August 2006. The deliverables from the SOA Technical Committee are available on the TGB’s website at: http://www.das.iowa.gov/tgb/IT_research/index.html.
Moving Forward With SOA
Based on the recommendations of the SOA Technical Committee and the JCIO, the TGB has formed a SOA Advisory Committee with core members from all three branches of state government. This group will oversee the various standards-setting and research working groups that will drive the implementation of this new architecture.
The Criminal Justice Information Sharing (CJIS) project is the first multi-agency project that will make widespread use of SOA to achieve its goals. The SOA Advisory Committee has been invited to participate in the selection of the CJIS project vendor and the eventual delivery of the project. We hope to gather real-world information about SOA and use the knowledge to further the adoption of SOA throughout the State.
Information Technology Standards
Two key responsibilities of the TGB are to develop administrative rules governing the activities of the board and develop and adopt information technology standards applicable to all agencies. The TGB approved two administrative rules and one enterprise standard and is currently reviewing three additional standards. The following rules became effective November 29, 2006:
· Iowa Administrative Code 11—25.9(8A)Adoption of Enterprise Operational Standards - This rule establishes the process for bringing proposed standards to the Technology Governance Board for approval, including a provision for public comment, and the implementation of approved rules by publishing them on the DAS Internet website and providing a notification to participating agencies.
· Iowa Administrative Code 11—25.11(8A)Assessment and Enforcement of Security Operational Standards - This rule establishes the ability of the state Chief Information Security Officer (CISO) to assess compliance with approved security standards and includes appropriate remedies if compliance is not achieved. Since security must be balanced with risk and service delivery, the rule provides for the CISO to exercise limited discretion through a defined process that provides for additional time to achieve compliance or accommodates minor variances from the security standard. The rule seeks to achieve an optimal balance within a controlled framework.
Through the implementation of these administrative rules, the Technology Governance Board has established processes that provide for the efficiency and flexibility needed in the standardssetting process and establishes the authority necessary to assess and enforce information security standards and policies.
The Technology Governance Board approved a wireless networking standard to protect state network resources at agencies using wireless connectivity services. The board is considering two additional standards requiring encryption of confidential information on laptop computers and removable storage devices and another that requires classification of data at each agency to identify all data that must be encrypted.